formbook

General

Target

order pdf.zip
Size

368KB
Sample

210420-eyc7rtx4ye
MD5

1628e0ab8a9eeb483092f2f6a59502c7
SHA1

ffec8186dc358d987f0f9e57f8df6d839e99e459
SHA256

f10598f24cfce711f61b205c92bf67614c1e7361d0a38a18622fc6ed0a2020e9
SHA512

54c3a062a230a3c6d7ea276612791df691b7ca5e5790269f09864124c401aa526b5f2df2494864915210b93316b25df82b126830903f36bf2870235142beba43

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

C2

http://www.joomlas123.info/n7ak/

Decoy

audereventur.com

huro14.com

wwwjinsha155.com

antiquevendor.com

samuraisoulfood.net

traffic4updates.download

hypersarv.com

rapport-happy-wedding.com

rokutechnosupport.online

allworljob.com

hanaleedossmann.com

kauai-marathon.com

bepbosch.com

kangen-international.com

zoneshopemenowz.com

belviderewrestling.com

ipllink.com

sellingforcreators.com

wwwswty6655.com

qtumboa.com

Targets

- Target
  
  order pdf.exe
- Size
  
  906KB
- MD5
  
  69802992de34a4988baf0045a2d1dccf
- SHA1
  
  5a568d6d7a56a1f1bd81a6dd5a7487a7b7b6dff3
- SHA256
  
  de9d32e10118cdc282e1e20d42c53c061f0d9c727c88af95f8d9059ea163e2f6
- SHA512
  
  a1a5e73f86ab933256a3689c1ad06f17534a06ac0cc8446a5e23c462e787d56b9887399660823ebfed7b0069745624e48a8acd1575e98efcb273dbe006dfe202
Score

10^/10

formbook persistence rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2

T1060

Privilege Escalation

Defense Evasion

Modify Registry

3

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook Payload

Adds policy Run key to start application

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2